From interim to year-end

The rules have changed for firms that perform interim reviews and year-end audits of client financial statements

Through 2009, interim reviews of non-issuers followed Statement on Standards for Accounting and Review Services for reviews and Statement on Auditing Standards for the year-end audit.

However, the Auditing Standards Board's SAS 116, Interim Financial Information, which amends SAS 100 of the same name, now requires reviews of interim financial information to be performed under the audit standard if the prior year-end financial statements were audited and the firm has been engaged, or expects to be engaged, to audit current year-end financial statements.

Concurrent with the issuance of SAS 116, the American Institute of CPAs issued SSARS 18, which includes a provision that SSARS is not applicable when the above situation exists.

Practitioners must be aware of some additional considerations apart from what is done under SSARS. The CPA should have sufficient knowledge of the entity's business and its internal controls, since both relate to the preparation of annual and interim financial information. The understanding of internal controls is more in-depth than that required under SSARS. The CPA should gain enough understanding of the internal controls to be able to recognize the types of potential misstatements and the likelihood of their occurrence. This understanding is integral to the design and selection of inquiries and the analytical procedures to be performed. They provide the CPA with a basis to communicate if they are aware of any material modification that should be made to conform to the applicable reporting framework (such as U.S. GAAP, IFRS or OCBOA).

If the CPA is also the continuing auditor, the additional work required is likely to be limited to an understanding of the controls applicable to interim reporting. An example of a control that may be different at interim, as opposed to year-end, may be the processes relating to sales cut-off or inventory balances. The documentation for this understanding is not likely to be onerous. If the CPA is a successor auditor, however, the understanding that needs to be obtained at the time of performing the review is more extensive. It may include procedures to determine if controls are in place, which could consist of walk-throughs or similar procedures. Since SAS 116 contemplates the CPA performing the year-end audit, these procedures can be used in the audit and may only need to be updated if there are changes in processes or controls.

In limited situations, the CPA can perform the review and not issue a report. However, if the interim financial information is included in a report, document or written communication, and the entity states that the information has been reviewed by an independent public accountant, then the CPA should issue a report. This report is different from the SSARS review report, and an example is included in the professional literature. The written engagement letter, which is required, should specify if a report is going to be issued or not.

If the CPA did not perform the most recent year-end audit, then they must communicate with the predecessor auditor and make certain inquiries prior to acceptance of the engagement. Those inquiries are the same as those required when engaged to only perform an audit, as specified in AU Section 315.

One of the most significant differences from SSARS is that the entity may present condensed interim financial information, rather than the typical full GAAP (or OCBOA) financial statements, as long as certain criteria are met. If the entity wishes to present condensed financial information, it must purport to conform to an appropriate financial reporting framework and be consistent with the framework used to prepare the previous annual audited financial statements. The information must contain a note that the financial information does not represent a complete set of financial statements and should be read in conjunction with the entity's latest annual audited financial statements.

Lastly, the condensed financial information must be accompanied by the last audited annual financial statements or those statements must be readily available, such as on the entity's Web site. It is important to note that "available upon request" is not considered readily available. Generally, a reader must be able to obtain the latest audited annual financial statement without any further action by the entity. If any of these criteria do not exist, the entity must issue a full set of financial statements.

If the CPA identifies matters that would be required to be reported in the year-end audit under either SAS 115, Communicating Internal Control Related Matters Identified in an Audit, or SAS 114, The Auditor's Communication with Those Chargedwith Governance, they should consider if these should be reported along with the report on the interim financial information. A change in accounting policy, for instance, should be reported at an interim date.

Richard E. Wortmann, CPA, is owner of RW Group LLC in Landenberg, Pa. Reach him at rewortmann@rwgroupllc.com.

GRC is relevant for organizations across the spectrum, from Fortune 100 multinationals to fast-growing companies aiming for international expansion, an IPO or a buyout. The traditional approach of managing risk in silos across different functions—internal audit, internal controls and compliance— and reacting to risks as they occur puts many companies at a disadvantage. Today’s environment demands a more agile and innovative approach to GRC.